/* GIO - GLib Input, Output and Streaming Library
 *
 * Copyright 2022 Canonical Ltd
 *
 * SPDX-License-Identifier: LGPL-2.1-or-later
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General
 * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
 */

#include "config.h"

#include "gsandbox.h"

#include <string.h>

#define SNAP_CONFINEMENT_PREFIX "confinement:"

static gboolean
is_flatpak (void)
{
  const char *flatpak_info = "/.flatpak-info";
  gboolean found;

#ifdef G_PORTAL_SUPPORT_TEST
        char *test_key_file =
          g_build_filename (g_get_user_runtime_dir (), flatpak_info, NULL);
        flatpak_info = test_key_file;
#endif

  found = g_file_test (flatpak_info, G_FILE_TEST_EXISTS);

#ifdef G_PORTAL_SUPPORT_TEST
  g_clear_pointer (&test_key_file, g_free);
#endif

  return found;
}

static gchar *
get_snap_confinement (const char  *snap_yaml,
                      GError     **error)
{
  char *confinement = NULL;
  char *yaml_contents;

  if (g_file_get_contents (snap_yaml, &yaml_contents, NULL, error))
    {
      const char *line = yaml_contents;

      do
        {
          if (g_str_has_prefix (line, SNAP_CONFINEMENT_PREFIX))
            break;

          line = strchr (line, '\n');
          if (line)
            line += 1;
        }
      while (line != NULL);

      if (line)
        {
          const char *start = line + strlen (SNAP_CONFINEMENT_PREFIX);
          const char *end = strchr (start, '\n');

          confinement =
            g_strstrip (end ? g_strndup (start, end-start) : g_strdup (start));
        }

      g_free (yaml_contents);
    }

  return g_steal_pointer (&confinement);
}

static gboolean
is_snap (void)
{
  GError *error = NULL;
  const gchar *snap_path;
  gchar *yaml_path;
  char *confinement;
  gboolean result;

  snap_path = g_getenv ("SNAP");
  if (snap_path == NULL)
    return FALSE;

  result = FALSE;
  yaml_path = g_build_filename (snap_path, "meta", "snap.yaml", NULL);
  confinement = get_snap_confinement (yaml_path, &error);
  g_free (yaml_path);

  /* Classic snaps are de-facto no sandboxed apps, so we can ignore them */
  if (!error && g_strcmp0 (confinement, "classic") != 0)
    result = TRUE;

  g_clear_error (&error);
  g_free (confinement);

  return result;
}

/*
 * glib_get_sandbox_type:
 *
 * Gets the type of sandbox this process is running inside.
 *
 * Checking for sandboxes may involve doing blocking I/O calls, but should not take
 * any significant time.
 *
 * The sandbox will not change over the lifetime of the process, so calling this
 * function once and reusing the result is valid.
 *
 * If this process is not sandboxed then @G_SANDBOX_TYPE_UNKNOWN will be returned.
 * This is because this function only detects known sandbox types in #GSandboxType.
 * It may be updated in the future if new sandboxes come into use.
 *
 * Returns: a #GSandboxType.
 */
GSandboxType
glib_get_sandbox_type (void)
{
  if (is_flatpak ())
    return G_SANDBOX_TYPE_FLATPAK;
  else if (is_snap ())
    return G_SANDBOX_TYPE_SNAP;
  else
    return G_SANDBOX_TYPE_UNKNOWN;
}